On April 7, 2016, Turkey’s law on Personal Data Protection, number 6698 (the “Law”) was published in the Official Gazette and came into force. Although the Turkish Constitution establishes a general right to privacy, and there are a patchwork of personal data protection provisions contained within sector-specific regulations, the Law represents Turkey’s first dedicated privacy and data protection statute. The Law is based on the European Union’s 1995 Data Protection Directive (95/46/EC) (the “Directive”), but differs from the Directive in a number of important respects.

And yes, this all does seem a bit ironic given that Turkey is currently in the throes of investigating a massive data leak involving 50 million citizens’ identity information. For coverage of that breach, see DataBreaches.net.